How not for profit organisations should be managing risks.
Not-for-profits (NFP’s) face many of the same challenges as for-profit organisations but they also face an additional layer of risk due to their public exposure which invariably leads to greater risk of scrutiny and reputational harm.
Each member of an NFP Board must follow guidelines pertaining to their responsibilities. These responsibilities vary depending on the type of entity and the legal and regulatory environment they operate in.
The recent Royal Commission findings into family violence, disability and aged care have increased focus on NFP’s to carry out their duty of care and accountability to their stakeholders which includes the community at large.
One of the areas which the Royal Commission has highlighted as an area of focus, is the service providers’ governance models and the requirement of directors and those charged with governance to understand and carry out their responsibilities under various laws and regulations. A significant portion of the entities in these sectors are NFP’s. As such, NFP’s need to revisit their governance structure and risk management processes and frameworks.
Risks for NFP’s can come from a variety of sources. The most important include but are not limited to:
- Legal and regulatory compliance
- Reputation and public perception
- Finding key personnel
- Growth and sustainability
- Working within the guidelines of the mission statement or charter
- Safety and well-being of employees, volunteers and community members they are helping
A robust risk management framework and risk register would identify and assess each category of risk outlined above and guide the development of appropriate risk treatment strategies to mitigate the risks to an acceptable level.
One of the challenges the NFP’s face is employment of a full time resource to manage risk within the organisation. This is often due to budgetary constraints and pressures from donors to maximize the use of funds towards service delivery. This often leads to the management of risk being borne by the voluntary Board and delegated to the Chief Financial Officer (CFO). While the CFO and the Board may have the expertise to actively manage risk and develop the right systems, processes and frameworks for risk management, they are often time poor and dedicate a small portion of their available time towards this process.